risk mobile banking

Mobile banking – accessing bank accounts via mobile-friendly websites or banking apps – is becoming more and more popular by the day as a growing number of people discover the benefits of having near instant access to their money and their statements, wherever they are in the world.

Fuelled by an increase in ownership of smartphones and tablets, even watches nowadays, mobile banking offers the kind of convenience the internet was made for.

Best of all, a service offered by organisations at the heart of the financial system should be ultra secure too, right?

Well, for the most part, mobile banking is safe, at least from a technical point of view, as banks invest heavily in the security of their services, both to protect their assets and in order to comply with various laws and regulations within the countries they operate in.

Unfortunately, however, the humble human being is often not as secure as a heavily regulated industry, meaning there are many avenues through which an online criminal could attack.

The dangers of mobile banking

In many ways it is fortunate that the majority of risks surrounding mobile banking are people-centric in nature as that means they are easily thwarted by anyone who knows what to look out for, such as:

  • unauthorised third parties gaining access to online bank accounts using login details that have been stolen directly, or published online following a data breach at the target’s own bank, or extracted from the victim themselves via social engineering
  • good old-fashioned ‘shoulder surfing’ whereby a criminal looks over a victim’s shoulder (or watches them on CCTV) when they login on their computer or mobile device
  • login details ‘sniffed’ (stolen) over insecure WiFi networks and rogue hotspots
  • lost and stolen devices that have mobile banking details saved in a text file, or set to be never forgotten by the mobile banking app itself
  • phishing scams – emails that appear to have come from the victim’s bank that include a call to action, such as a requirement to reset a password after a “security incident,” and which include a convincing yet bogus link to a cloned version of the bank under the criminal’s control
  • social engineering via the telephone – a call from someone saying they are from a bank, needing to verify all of the potential victim’s login details in order to confirm their identity

Tips for making your mobile banking safer

Given the nature of the risks, the means for ensuring safer internet banking on the go are all quite achievable.

When we asked Neira Jones, ex-Head of Payment Security for Barclaycard, for her tips for safer mobile banking, she said:

“You wouldn’t broadcast a very private secret in a crowded train station, would you?…

So be careful when using online banking services, especially when out and about:

DON’T

Use public WiFi (e.g. hotels, internet cafes and other public venues) when banking online.

DON’T write down your passwords and other secrets and keep them in your wallet or about your person (cards + credentials = criminals’ heaven)

DO

Enrol in two factor authentication with your bank, that additional layer of security could save you a lot of heartache (and money…)

Use your own VPN when not at home”.

Adding to Neira’s wisdom, we would also suggest the following:

  • locking down your mobile device with a PIN code (an okay level of security) or lengthier password (more secure, if you use a combination of letters, numbers, symbols and avoid using common words)
  • being aware of your surroundings and who may be watching you either directly or via any cameras in the locale
  • never allowing any website or app to remember your login details – such convenience could ultimately prove to be very costly
  • keeping your mobile banking app up to date, along with the device’s operating system
  • looking out for rogue emails that ask you to login to your bank account via an included link – your bank should never ask you to do this
  • keeping your wits about you if you ever receive a text or phone call from an official claiming there is a problem with your account – no legitimate organisation will ever ask you to confirm all your details so don’t give them out
  • only ever download banking and other apps from official sources, such as Google Play and Apple’s App Store, as third party sites have often been known to host rogue versions of popular files
  • consider installing a mobile security solution – many apps, even from the biggest names in the security industry, are free on mobile platforms
  • if your bank offers a facility to send a text message whenever a transaction is actioned on your account, take advantage of it, and check those transactions as and when they come through to ensure they were authorised by you